Archive for May, 2017

European Union General Data Protection Regulation (GDPR) – 2018 what should GCC countries consider?

May 30th, 2017

The UAE Ministry of Economy is raising awareness among private sector companies of the need to be ready for new European data protection rules, which comes into force one year from now.

The European Union General Data Protection Regulation (GDPR) is set to become law by May 2018. The new rules govern all companies in Europe, as well as all companies trading with European companies and individuals.

The GDPR was drafted to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States

The law includes strong penalties for either misuse of data, or failure to protect the personal data of customers, with fines of up to 4% of annual turnover, or 20m euros ($22m).

HE Juma Mohammed Al Kait, Assistant Undersecretary for Foreign Trade at the Ministry of Economy, noted that the regulation issued by the EU aims to protect the data of every individual in the EU.

This not only impacts companies operating in European countries, but includes all institutions and companies that conduct business, trade and investment activities within EU countries, including the UAE business sector linked with European trade relations.

Due to this, the Ministry is working on deepening its knowledge about the new legislation, its provisions and requirements, and aims to reconcile its operational procedures with European authorities, in adherence with the framework of the GDPR, before May 2018.

Al Kait emphasized the EU is one of the UAE’s most important trade partners. Trade between the two sides generated $65.8 billion in 2016 alone. The UAE has become one of the top 10 destinations for EU exports, and is home to over 41,000 European companies, in addition to over 121,000 EU citizens.

Penalties will also apply to information controllers and processors, including cloud software companies.

The new legislation also outlines terms of approval for the use of data, to prevent companies from using legally illegitimate terms, and gives both parties the ability to easily withdraw if desired.

The compliance world will change dramatically for a number of GCC organizations on 25 May 2018. In just over one year’s time GCC organizations that:
1.have a branch, subsidiary or single representative in the European Union (“EU”);
2.do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; or
3.neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, will have to ensure that they are complying with the European Union General Data Protection Regulation (“GDPR”).

Who is likely to be affected?

Based on the test set out in the GDPR, the new regulations will likely apply to a significant number of entities in this region.
Obvious examples include:
– major airlines that fly to and from the EU,
- hotel and tourism operators who promote travel to the region to EU data subjects,
- regional banks and other financial service companies that have branches in the financial centres in the EU and online.

Less obvious examples include:
- e-commerce companies that are able to accept payments in euros and deliver to the EU
- mobile apps that can be downloaded by users in the EU and which have access to a user’s contacts, photos or location data.

All of these businesses may need to comply with the GDPR and to mitigate the risk and cost of failure to do so.
If your organization is affected it has three main options:
1. wait and see i.e. do nothing (not advisable);
2.consider what it needs to do to ensure that it does not fall within the scope of the GDPR;
3. take immediate steps to prepare to comply with the GDPR .

For option (2), if your organization does not have an establishment in the EU and does not need to target or monitor EU data subjects then you ight consider making it very clear that your website or app is not for use by EU users (e.g. including geo-blocking EU data subjects).

for option (3), if you have not started the process of ensuring compliance by now, then there is a lot to do.

1.monitor business to consumer business practices, including:
- conducting a data protection audit,
- examining the legal basis on which it processes personal data and updates its privacy policies;
2.monitor internal business practices, including:
- review and update of agreements with data processors,
- implement processes for adoption of pseudoanonymization and privacy by design
- considering the legal basis on which it transfers personal data between jurisdictions;
3.establish compliant accountability processes, including”
- processes for record keeping,
- appointment of a data protection officer or EU representative and dealing with data subjects;
4.invest in infrastructure, including:
- how to determine the severity, and impact on data subjects of a data breach
- to establish robust security processes and procedures for notifying regulatory authorities and data subjects -

The need for compliance, especially for longer-term projects such as records of processing and compliant contracting, must be addressed as soon as is practicable.

Businesses that either operate, target customers or monitor individuals in the EU should :
• Audit: to identify key remediation areas.
• Record of Processing: This mandatory record will require significant internal resources, but will also help to plan and implement GDPR processes. .
• Consider Contract Renegotiations: The GDPR requires that contracts with data controllers include additional obligations. As companies come to renegotiate contracts, ensure that adequate data protection clauses are added.
• Review and update, where necessary, employee notices to be GDPR compliant. If you currently conduct criminal records checks, then review national laws where you operate to ensure you can continue to do so . There is an emphasis on transparency in the GDPR. Notices must be clear, concise and informative. Employees must be adequately informed of all data processing activities and data transfers and the information set out in Articles 13 to 14 must be provided. Criminal records can no longer be processed unless authorized by member state law.

Consider whether your organization is processing any sensitive personal data and ensure the requirements for
processing such data are satisfied While the grounds for processing are broadly the same as those set out
in the current Data Privacy Directive, the GDPR imposes new requirements to gain valid consent. Consent can be withdrawn at any time and systems must be able to handle withdrawal request.

• Review and update, where necessary, customer notices to be GDPR compliant
• Consider whether your notices have to accommodate “child-friendly requirements”. he GDPR requires parental consent for the processing of data related to information society services offered to a “child” (ranging
from 13 to 16 years old depending on the member state.
• Data privacy rights. The current rights to request access to data or require it to be rectified or deleted have been expanded to include a much broader right to require deletion (“the right to be forgotten”), a right not just to access your data but have it provided to you in a machine readable format (“data portability”). Versions of the existing right to object to any processing undertaken on the basis of legitimate interests or for direct marketing and the right not to be subject to decision based on automated processing are also included and expressly refer a right to object to profiling.
These must be clearly communicated in the notices given to data subjects, e.g. privacy policy
• Privacy by design. Ensure processes are in place to embed privacy by design into projects (e.g. technical and organizational measures are in place to ensure data minimization, purpose limitation and security)

Consider what data you hold in emails, in CRM systems, Social media.
What should be your data access use and retention policies?

Personally I think it will be great if this is a way to prosecute the perpetrators of all the spam nd phishing emails I get or at least to remove data form their lists!

VAT registration nears for the GCC – what should you be doing now – contact Synergy Software Systems

May 29th, 2017

VAT (Value Added TAX), which is also called as ‘tax on consumption’ , is a tax that is payable while purchasing any product. VAT is applied as particular percentage of the cost of goods and services, hence it can not be considered as a charge on companies. It is a general tax amount, which is added by the producer to the inputs before they are sold as new offerings.

All UAE businesses subject to the Value-Added Tax have to submit their tax declaration statements on a quarterly basis after the VAT law goes into effect starting January 2018, according the Ministry of Finance.

The threshold for VAT registration put at Dh375,000 as per the ministry’s announcement this week.
It is optional to register between Dh187,500 and Dh375,000 .

UAE businesses will be able to start VAT registration in Q3 2017 and it is compulsory to be registered by Q4 2017.

Businesses will be able to register online using eServices.

The UAE businesses, subject to the tax, have to keep all files that allow competent authorities to audit their transactions and commercial activities, with the nature of the needed documents to be announced over the coming period. Businesses will be required to keep records which will enable the authorities to identify the details of the business activities and to review transactions. The specifics regarding the documents which will be required and the time period for keeping those will be communicated in due course.

Review your finance systems’ readiness for rapid implementation to meet these requirements. There will be a shortage of skilled consultants, and there are several holidays (EID, Diwali, Christmas, New Year, National Day etc. its also budget time, and preparation for year end audits,to fit in during the last quarter. Allow time for collection of your trading partners VAT registration ids, for report development and update, for testing and for staff training.

All six of the GCC member states: Saudi Arabia, Qatar, Oman, Kuwait, the UAE and Bahrain – have now signed and approved the VAT framework.

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Exemptions:
We understand that:
Health, education services, international transportation, import gold for investment purposes, commodities and exports are exempted from VAT in UAE.
Residential buildings for sale or lease during the first three years in which the building is completed, some financial services and empty plots of land are also exempted from VAT.

The GCC Member States will appreciate the VAT on financial provisions. The Banks and Financial House are ineligible for VAT in terms of the services provided, instead, they might be eligible for input tax based on tax recovery rates determined by each Member State.

The Federal Tax Authority has also announced a 100 per cent tax on tobacco, energy drinks and 50 per cent on carbonated beverages. This is separate from VAT.

The General Authority for Zakat and Income Tax (GAZT) in KSA reportedly warned businesses, during an awareness session that took place at the Riyadh Chamber of Commerce on Monday 16 May 2017, that penalties will be applicable in the cases of violation of VAT laws and regulations.

Penalties

The following types of Penalties will apply in each of the following cases:
• Case 1: Businesses required to register for VAT and that fail to register shall be liable to double the net tax due.
• Case 2: Committing an error in filling the tax return shall result in paying an additional 50% of net tax declared.

• Case 3: Exaggerated tax refund claims shall be subject to a penalty 50% of the original amount reported.
• Case 4: Late filing of tax return would result in a penalty of SAR 1,000 and an extra 5 to 20% of the unpaid tax. The percentage varies depending on the number of days of delay.
• Case 5: Non-registered person who issue an invoice with VAT shall pay SAR 1,000 or double the amount of the net tax (whichever is higher).
• Case 6: Not keeping records of the required documents shall result on a penalty of SAR 1,000 or 2% of the monthly average taxable supplies (whichever is higher).
• Case 7: Non-compliance with GAZT inquiries in providing relevant information shall result in a penalty of SRA 1,000 or 2% of the average monthly taxable supplies (SAR 20,000 maximum) or whichever is higher.

Ramadan 2017 starts soon – Ramadan Kareem to all of our readers -Synergy Software Systems

May 25th, 2017

The holy month of Ramadan is expected to start this weekend. “The Saudi Supreme Court has already called on all Muslims throughout the Kingdom of Saudi Arabia to sight the crescent of the Holy Month of Ramadan on Thursday, May 25- it is expected that Ramadan will officially start on either Friday or Saturday.

During this period of fasting and spiritual reflection there will be several changes to our office routine:
Those working at site will work client hours
Our offices will be closed on Fridays and Saturdays until end of Ramadan.
From Sunday to Thursday our work hours will be 9 am-5pm

\Visitors will be provided with water in the conference room at their request, but will otherwise generally not be offered refreshment.

Some Guidance for those new to the region.
It is very easy to forget in hot weather that there are cultural norms and that authorities and others will be offended if these are not followed. It is a difficult enough time in this climate for those who fast, so please show due respect. You may well be stopped by the police for e.g. drinking a bottle of water in your parked car, or you may offend others by eating sweets, or your own food.

This is a very difficult time due to the hot, humid weather, which is expected to get a lot hotter, and we encourage you all to take adequate drinks of water at the appropriate times.

Dress code: Dubai has fairly relaxed standards that it is a tourist destination, but please be extra aware of the need to behave and dress with modesty and decorum and respect in this period.

Public shops and restaurants. Opening hours may be amended because those too will have shorter working hours – so plan ahead. In most cases shops will open after Iftar and will stay open much later than usual.

Alcohol sales, and public entertainment, music etc. will be stopped.

Some restaurants and shops may serve takeaway food during daylight hours, but will not be open for sit down meals.Some hotels may have segregated screened areas where food can be obtained.

Clinics, doctors, pharmacies etc. may also have reduced working hours.

Travel
Paid parking zones in Dubai,
The tariff will apply to all car parks (Zone: A, B, C, D, and G) from Saturday to Thursday at two periods:
from 08:00 am to 05:00 pm,
and from 07:00 pm to 12:00 (midnight).
The tariff will apply to the parking of the:
Dubai Silicon Oasis (Zone H), Saturday to Thursday, from 08:00 am to 10:00 pm,
Tecom (Zone F), Saturday to Thursday, from 08:00 am to 06:00 pm,
Fish Market (Zone E) from 08:00 am to 11:00 pm daily from Saturday to Friday,

Bus services
Public bus main stations, like Gold Souq Station, will open from 04:25 am to 12:00 (midnight)
Al Ghubaiba Station from 04:30 am to 12:00 (midnight).
Subsidiary stations, like Al Satwa, will operate from 04:57 am to 11:35 pm, and Route C01 will operate around-the-clock at Satwa.
Al Qusais Station will open 04:30 am to 12:00 (midnight),
Al Quoz Industrial Station will operate from 05:00 am to 11:30 pm,
Jebel Ali Station will be offering service from 05:00 am to 12:00 (midnight).

Stations of Metro Link buses, such as Al Rashidiya, Mall of the Emirate, Ibn Battuta, Burj Khalifa-Dubai Mall, Abu Hail and Etisalat, will open from 05:00 am to 12:20 am (past midnight).
The timing of all Metro Link buses will match the timing of the metro service.

Inter-city bus stations will operate in Ramadan as follows:
Main stations like Al Ghubaiba will operate around-the-clock to Sharjah (Jubail), and from 4:30 AM to 12:00 midnight to Abu Dhabi.
• Subsidiary stations, like Union Square, will operate from 04:35 am to 01:25 am (of the following day).
• Al Sabkha Station will open from 06:15 am to 01:30 am (of the following day).
• Deira City Centre Station will open from 05:35 am to 11:30 pm,
• Karama Station will open from 06:10 am to 10:20 pm,
• Al Ahli Club Station will open from 05:55 am to 10:15 pm .
• External stations, like Sharjah Al Taawon, will operate from 05:30 am to 10:00 pm,
• Fujairah Station will open from 05:15 am to 09:30 pm,
• Hatta Station from 05:30 am to 09:30 pm, and Ajman Station from 04:27 am to 11:00 pm.

Metro services
Dubai Metro services, the Red Line stations will run service in Ramadan from Saturday to Wednesday from 05:30 am to 12:00 (midnight).
On Thursday, stations will open from 05:30 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).
There will be no change in the timing of the Express Metro service during Ramadan.
The Green Line stations will operate in Ramadan from Saturday to Wednesday from 05:50 am to 12:00 (midnight).
On Thursday, stations will operate from 05:50 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).

Dubai Tram
The Dubai Tram will operate from Saturday to Thursday from 06:30 am to 01:00 am, and on Friday from 09:00 am to 01:00 am (of the following day).

Marine transport
The schedules of marine transit services during Ramadan :
The Water Bus will shuttle in marina stations (Marina Mall, Marina Walk, Marina Terrace, Marina Promenade) from 12:00 at noon up to 12:00 midnight.
The Water Taxi will operate from 09:00 am until 10 pm.
Dubai Ferry will be calling at Ghubaiba Station at 11:00 am and 06:30 pm.
The Ferry will operate from Marina at 11:00 am, 05:00 pm and 06:30 pm.
From Al Jaddaf Station to Dubai Water Canal Station, the Ferry will be running service at 10:00 am and 05:30 pm
From Dubai Water Canal Station to Al Jaddaf Station at 12:05 at noon and 07:35 pm.

The timing of Abra during Ramadan will be as follows:
Traditional Abra will operating at (Ghubaiba, Baniyas, and Dubai Old Souq), from 10:00 am until 12:00 (midnight).
At Al Jaddaf Station, Dubai Festival City, it will operate from 07:00 am to 12:00 (midnight).
At the Sheikh Zayed Road Station (Dubai Water Canal), it will operate from 08:00 pm to 02:00 am (of the following day).
The Electric Abra will be operating at Burj Khalifa/Dubai Mall from 08:00 pm until 11:30 pm,
At Al Mamzar from 08:00 pm to 02:00 am (of the following day).

Testing centres
Technical testing centres run by suppliers will offer services in respect of light vehicles during Ramadan in the morning only without prior appointment. Technical testing services of heavy vehicles will be offered in the morning and evening.

The business hours of strategic partners’ centers will be as follows:
Tasjeel Enoc (Al Qusais, Al Awir, Al Barsha, Al Tawar and Warsan) from Saturday to Thursday will be open in two shifts. In the morning from 08:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).
Hatta Center will open from 09:00 am to 03:00 pm,
Jebel Ali Centre will open from 08:00 am to 04:00 pm.

Emarat, Shamil, Al-Adid, Wasl, Al-Muhaisna, Nad Al Hamar, Al Jaddaf and Al Arabi Centers will open from Saturday to Thursday on two shifts. In the morning from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Quick Registration Centre will also open in two shifts:
In the morning from 09:00 am to 05:00 pm and in the evening from 09:00 pm to 03:00 am (of the following day).
PAL Garage will open from 09:00 am to 04:00 pm,
Al Shirawi Enterprises Centre will open from 09:00 am to 05:00 pm.
Al Mumayaz Centre will open from Saturday to Thursday (at Al Mizhar Markets and Al Barsha Mall) on two shifts.
In the morning, it will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 01:00 am (of the following day).
Tamam Speedfit & Cars Centers will open from Saturday to Thursday on two shifts.
In the morning, they will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Centres that will open on Friday during Ramadan are: Tasjeel Enoc (Al Qusais and Al Barsha) from 09:00 pm to 02:00 am (of the following day); they will offer VIP Service for processing transactions only.
Wasil-Al Arabi Centre will open on Friday from 09:00 pm to 02:00 am (of the following day),
Quick Registration Centre will open from 09:00 pm to 03:00 am (of the following day).

Health.
Those who are fasting from early morning need to be aware of the risk of fatigue or feinting especially if driving long distances and should adjust their meal times and sleeping hours.

With an earlier finish we may all get a lot more exposure to sunlight. Take care to avoid overexposure. We are close to the equator and the sun’s radiation is much stronger here than is generally realized even on a cloudy day. Protect your eyes with sunglasses, if you are fair skinned then also consider sun cream, or long sleeves or a parasol and/or a hat. The locals cover themselves from head to foot for good reason. Long distance driving e.g. to Abu Dhabi also creates risk of overexposure.

Service centres
Customers’ happiness centres will be operating from Sunday to Thursday at different times.
Umm Al Romool, Al Barsha, Deira and Al Kafaf Centers will open from 09:00 am to 02:00 pm.
Al Tawar, Al Manara, and Al Awir Centers will operate from 09:00 am to 05:00 pm.

Some general Ramadan Do’s and Don’ts
DO… make the most of the community spirit. Say ‘Ramadan Kareem’ to friends and colleagues, introduce yourself to those neighbours to whom ‘you’ve always meant to say ‘hi , organise an after-work iftar, and catch up with friends and family.
DO… understand that many locals become a night owl. Everything happens later during Ramadan. Malls are open past midnight and suhoors go into the early hours.
email responses may take longer, and it may take a little more planning to process visas, or just about any other government business transaction if their working hours are reduced
DO… your bit for a good cause. Ramadan is a good time to put your money where your mouth is. The UAE has a wide range of charitable and volunteering organisations.
DON’T… forget the ‘rules.
If you’re not a Muslim, then they still apply – you’re still expected to be respectful.
It’s frowned upon to dress inappropriately, eat, drink or smoke during daylight, play loud music or swear in public. At the very least these things are frowned upon and will cause discomfort to others, and at worst you may find yourself in trouble with the police or fined.
DON’T… lose your patience. Working hours are likely to be shorter (and perhaps a little less productive), those who are fasting tend to be tired, and the UAE’s roads will be more hectic at times.

سائلين الله عـز وجـل أن يرزقكـم فيه مغـفـره ورحمه وعتق من النار.
We ask ALLAH Almighty to bless you with forgiveness and mercy and freedom from fire

May all your prayers be answered.

Dynamics 365 Talent leverages LinkedIn -coming soon.

May 20th, 2017

In a recent post we announced details about the Linked-in Sales Navigator: http://www.synergy-software.com/blog/?p=5707 following Microsoft’s blockbuster acquisition of LinkedIn last year,

Dynamics 365 will also include features for Human Capital Management (HCM). Earlier this month, Microsoft announced its new Talent application for Dynamics 365 which is scheduled for release from July 2017 as a standalone cloud-based HCM application that includes Human Resources (HR) admin, workforce planning and employee experience capabilities and utilizes Microsoft Common Data Services as the data storage and extensibility model (i.e. it is not directly part of either CRM, and you need to on cloud to use it.).

Some of these capabilities are built out from the HCM capabilities of the Dynamics 365 ERP Operations app / Dynamics AX which will retain that existing functionality.

Microsoft has highlighted two new HCM workflows: for candidate engagement, and for employee on-boarding that will be exclusively available to Dynamics 365 Talent, and that leverage the LinkedIn integration.

to see a Technical preview register your details here: https://info.microsoft.com/get-updates-for-dynamics365-talent-app-register.html

Talent Engagement

When hiring new staff HR teams have many disconnected sources of data: LinkedIn profiles, CV’s, portfolios of work and actual job applications all of which need to be matched to the selection criteria for each role.

Without visibility of a complete candidate profile, time is lost to build up a profile from these various sources, or is wasted on interviewing unsuitable candidates.

Connecting directly to LinkedIn Recruiter, Dynamics 365 Talent will offer a more complete human resources profile that also connects Office 365 and that will make the hiring process more transparent for HR professionals. Using LinkedIn Recruiter, teams will be able to define the criteria for a job role: location, skills, spoken languages and job titles etc to find prospective, matching candidates:

Within the Dynamics 365 Talent interface, hiring managers can easily see what both internal and external recruiters are doing thanks to new integration with LinkedIn. This will for example show which individuals applied for the role, and the current stage of the process for each candidate. Each candidate’s LinkedIn profile, including their application detail, is integrated and accessible directly from Dynamics 365 for HR teams from both desktop and mobile devices.

From this interface to Dynamics 365 Talent, use Office 365 integration to check the availability for all members of the interview team to suggest suitable times to set up interviews in the hiring team’s schedule. Send out Calendar invites from Dynamics 365 to each party and track these and the invitation responses:

Provide feedback about candidates which is shared with everyone involved in the hiring decision within Dynamics 365 Talent to help identify which individual(s) will be made an offer.

Employee On-Boarding

Hiring the right people doesn’t necessarily mean an appointment will be successful and high attrition from new starters is costly in terms of the recruitment costs and lost productivity.

The new, on-boarding experience, provided by Dynamics 365 Talent provides added support to manage these logistics. in the launch event, Microsoft demonstrated how Dynamics 365 will streamline on-boarding processes to help new employees get started so they fit in with the organisation’s culture, and quickly contribute to its growth.

These capabilities include on-boarding templates, that feature a series of activities which need to be completed by HR teams and successful candidates prior to their arrival. For example, this running background checks on the individual and following up references, or getting the candidate to provide their national insurance details, send an employment tax summary from their previous employment, submit visa information, or complete a non-disclosure agreement.

This provides clear visibility from a single interface about the state of readiness for both the candidate, and the organisation ahead of the employment start date. Templates can also be used to share more information that will prepare the individual for their first day. This could include logistical detail such as parking information and building security processes, details of the training they will need to complete and more detail about organisation and its values, e-polices, office access out of hours, claiming expense, reporting absence etc. This content can also provide more information about their role, and how this contributes to the success of the business.

Leveraging LinkedIn integration, the on-boarding template can also introduce the individual to their new work colleagues enabling them to connect with these contacts ahead of their arrival. This will also highlight other contacts within the organisation who they may already know, this can include individuals who attended the same school, or who also worked previously for the same employer. Once defined, adapt each template and re-use for future on-boarding processes.

With access to the respective skills, qualifications and past experiences of staff using LinkedIn data that will enrich Dynamics 365 this will likely evolve to enable individuals to be more accurately matched to projects. It will be interesting to see how this eventually works with the Dynamics 365 project service to go beyond its existing skill ratings functionality. Already it is clear that these new connected capabilities will help organisations to strategically hire the right people and nurture them for mutual success.

LinkedIn announced last month that it had “crossed an important and exciting milestone” by reaching a half billion users across 200 different countries, compared to the 467 million the company reported in October. “A professional community of this size has never existed until now,” noted Aatif Awan, vice president for growth and international products, in a LinkedIn blog post .

The United Arab Emirates, is the country with the most connected users, with an average of 211 connections each, while London is the most connected major city, with an average of 307 connections per user.

Power BI premium is now available

May 20th, 2017

The introduction this month of Power BI Premium promises greater flexibility in terms of: licensing, scaling and ease of deployment. See the announcement on powerbi.microsoft.com,

The license flexibility gives Organizations greater control over its user’s level of access, fully enabling capabilities for some, while others who just need to view and interact with reports will be able to do so without licenses.

Similar to many other Microsoft cloud-based products and services like Dynamics 365, Power BI Premium comes with greater scalability, to allow organizations to scale up or down based on their changing business needs over time.

Premium also provides the ability to manage Power BI reports on-premises with Power BI Report Server.
Power BI Report Server on-premises is fully compatible and cloud-ready. This is particularly of interest for those looking into a Local Business Data (on-premises) deployment of Dynamics 365 for Operations. The new service will be generally available late Q2 2017.

Microsoft has also just released the new Process Analyzer Content Pack for Power BI for Dynamics 365 Version 8.2 and higher. Use this content pack to monitor and analyze your business processes based on the detailed process information stored in your Dynamics 365 system.

There was also a recently introduced Microsoft Power BI content pack for Social Engagement with a new Engagement Analytics report; and of course there still tne Engagement Performance and Team Performance reports previously released.

The Engagement Analytics report provides additional insights regarding engagement on social media with metrics based on location, sentiment, tags and authors. The data model is also enhanced to include these additional dimensions to give more power to explore and to analyze your Social Engagement data.

Deal with WannaCrypt ransomware

May 15th, 2017

To get the latest protection from Microsoft, upgrade to Windows 10.
Keep your computers up-to-date to get the benefits of the latest features and proactive mitigations built into the latest versions of Windows.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender – built-in to Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware
• Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx?wt.mc_id=AID618806_EML_5062822

(The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.)

Also view :
• Microsoft Security Response Center Blog
• Microsoft Malware Protection Center Blog
• Microsoft Safety and Security Center webpage

We recommend customers that have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we recommend two possible workarounds to reduce the attack surface:
• Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 (Reboot Required)
• Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.

Enable Windows Defender Antivirus to detect this ransomware.
Windows Defender Antivirus uses cloud-based protection, to help protect you from the latest threats.

Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities.

For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.

A ransomware threat does not normally spread so rapidly. Threats like WannaCrypt typically leverage social engineering or emails as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators incorporated publicly-available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
It was fixed in security bulletin MS17-010, released on March 14, 2017.

WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

We haven’t found the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly likely for this ransomware family:
• Arrival through social engineering emails designed to trick users to run the malware and to activate the worm-spreading functionality with the SMB exploit
• Infection through SMB exploit when an unpatched computer can be addressed in other infected machines

The threat arrives as a dropper Trojan that has the following two components:

• Ccomponent that tries to exploit the SMB EternalBlue vulnerability in other computers
• Ransomware known as WannaCrypt

The dropper tries to connect the following domain using the API InternetOpenUrlA():
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

When connection is successful, the threat does not infect the system further with ransomware, nor try to exploit other systems to spread; it simply stops execution. However, when the connection fails, the dropper proceeds to drop the ransomware and creates a service on the system.

Blocking the domain with firewall either at ISP or enterprise network level will just cause the ransomware to continue spreading and encrypting files.

The threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system:

Service Name: mssecsvc2.0
Service Description: (Microsoft Security Center (2.0) Service)
Service Parameters: “-m security”

When run, WannaCrypt creates the following registry keys:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ = “\tasksche.exe”
• HKLM\SOFTWARE\WanaCrypt0r\\wd = “

It changes the wallpaper to a ransom message by modifying the following registry key:
• HKCU\Control Panel\Desktop\Wallpaper: “\@WanaDecryptor@.bmp”

It creates the following files in the malware’s working directory:

• 00000000.eky • 00000000.pky
• 00000000.res

• 274901494632976.bat
• @Please_Read_Me@.txt
• @WanaDecryptor@.bmp
• @WanaDecryptor@.exe
• b.wnry
• c.wnry
• f.wnry
• m.vbs
• msg\m_bulgarian.wnry
• msg\m_chinese (simplified).wnry
• msg\m_chinese (traditional).wnry
• msg\m_croatian.wnry
• msg\m_czech.wnry
• msg\m_danish.wnry
• msg\m_dutch.wnry
• msg\m_english.wnry
• msg\m_filipino.wnry
• msg\m_finnish.wnry
• msg\m_french.wnry
• msg\m_german.wnry
• msg\m_greek.wnry
• msg\m_indonesian.wnry
• msg\m_italian.wnry
• msg\m_japanese.wnry
• msg\m_korean.wnry
• msg\m_latvian.wnry
• msg\m_norwegian.wnry
• msg\m_polish.wnry
• msg\m_portuguese.wnry
• msg\m_romanian.wnry
• msg\m_russian.wnry
• msg\m_slovak.wnry
• msg\m_spanish.wnry
• msg\m_swedish.wnry
• msg\m_turkish.wnry
• msg\m_vietnamese.wnry
• r.wnry
• s.wnry
• t.wnry
• TaskData\Tor\libeay32.dll
• TaskData\Tor\libevent-2-0-5.dll
• TaskData\Tor\libevent_core-2-0-5.dll
• TaskData\Tor\libevent_extra-2-0-5.dll
• TaskData\Tor\libgcc_s_sjlj-1.dll
• TaskData\Tor\libssp-0.dll
• TaskData\Tor\ssleay32.dll
• TaskData\Tor\taskhsvc.exe
• TaskData\Tor\tor.exe
• TaskData\Tor\zlib1.dll
• taskdl.exe
• taskse.exe
• u.wnry

WannaCrypt may also create the following files:

• %SystemRoot%\tasksche.exe
• %SystemDrive%\intel\\tasksche.exe
• %ProgramData%\\tasksche.exe

It may create a randomly named service that has the following associated ImagePath: “cmd.exe /c “\tasksche.exe”"

Then it searches the whole computer for any file with any of the following file name extensions:
.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der” , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts and renames to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image. After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

It then replaces the desktop background image with a message and also runs an executable showing a ransom note which indicates a $300 ransom and a timer. The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infects other vulnerable computers. This activity results in large SMB traffic from the infected host, which normally can be observed by SecOps personnel.

Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode which seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems.

Dynamics 365 for Finance and Operations

May 14th, 2017

Dynamics 365 for Operations once known as AX-7 gets a new name starting 07/01/2017; the software will be called Dynamics 365 for Finance and Operations to better reflect its capabilities.

I can’t help thinking that this 59 character title will be abbreviated – maybe to DFO365?

Ransomware strikes again

May 13th, 2017

Ransomware increased 35% last year.
More alarming is the continuing recent rise in both sophistication and the mass distribution of ransomware.

Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive.

Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.

Todays headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn

Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft (MSFT, Tech30) released a security patch for in March. .
Affected machines have six hours to pay up and every few hours the ransom goes up

The global cyber attack crippled services on Friday (yesterday) The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator. Spain’s largest telecom operator, Telefónica., was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

Helsinki based Security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack

The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.

The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. it seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed This there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP – a now unsupported, 16-year-old operating system., introduced before 2007 which is particularly vulnerable,

Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as ExternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.

Through the ExternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network.“Whereas ransomware such as Locky normally requires user interaction, such as opening a word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections— otherwise it could have been even worse.

Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.

What is ransomware
?Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it

Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.

This is the most critical Windows patch since [Conficker], which was one the largest similar infections to date.
Despite having been patch nearly a decade ago, the Conficker worm is still in circulation which you find everywhere. WannaCry, too, is going to be on networks for years.

The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.

Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided

VAT planning- GCC framework is published

May 10th, 2017

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the
Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the
GCC member states. The framework includes agreement on certain matters but still allows member
states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018 but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
VAT deductions,
VAT grouping
Rules for recovering VAT in respect of financial services
Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they
propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also
taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT
matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and review their processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018 -how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable
documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT – payable and receivable, – across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item fro the relevant tax rate or exemption.
- identify and record rebates,
- exemptions,
– or other special VAT treatments on particular transactions.
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebate and returns
- create timely, accurate statutory returns
- work with current interfaces.
- product auditable accounts.

We have already received several dozen inquires to assist with this transition, if you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go live, and for financial audit preparation.

Mobile security- Microsoft’s Secure Productive Enterprise

May 7th, 2017

As more information, devices and users travel beyond the traditional network restraints, every organisation needs to place security at the forefront of a modern workforce strategy. It’s now over 6 months (October 2016) since Microsoft released its Secure Productive Enterprise package,
• What is SPE all about?
• Is SPE just ECS under a new name?
• Is SPE just a licensing bundle?

1. What is Secure Productive Enterprise?

SPE is a licensing option from Microsoft that e bundles together: Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security technologies into a single offering.

It comes in two variants: SPE E3 and SPE E5.
It can be purchased per user, with a significant cost saving compared buying the products individually.

There are several other variations nuances, of how you can buy SPE (which licensing program) and how much it will cost you. This will largely depend on your organisation’s requirements and your current licensing position with Microsoft.

2. Is SPE just ECS under a different name?

The Microsoft Enterprise Cloud Suite (ECS) has effectively become SPE E3 and includes the following core products and services:
• Windows 10 Enterprise (E3)
• Office 365 (E3)
• Enterprise Mobility + Security (E3)

3. What is Enterprise Mobility + Security?

Enterprise Mobility + Security (EMS) is what was the Enterprise Mobility Suite. The name change reflects the significant number of security products and services that were added to this solution since the launch of EMS.

4. So, is SPE just a licensing bundle?

SPE can just be a licensing bundle, if that’s all you want it to be. But it is also much more…
There is so much new technology in SPE (and Microsoft is adding to it all the time) that it can be hard to keep up. Even as a licensing option, Microsoft has included some firsts.

SPE includes brand new cloud and on-premises licensing entitlements to help organisations who plan to transition to the cloud over time, and it allows Software Assurance customers to install Office Professional Plus and Office 365 Professional Plus on up to five devices per user for the length of the subscription.

You also get the on-premises server rights for SharePoint, Exchange and Skype for Business thrown in.

More than forty thousand customers that Enterprise Mobility + Security (EMS) today.

For industries that require advanced identity governance such a:s government, military, pharma, financial services, etc SailPoint integration will extend Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud. A direct connector automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.

In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control

https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/

Contact us to request a copy of Microsoft’s fact sheet “Secure-Productive-Enterprise-at-a-Glance-October-2016.pdf”

0097143365589

May 7th, 2017

As well as leveraging Linked in for Sales Microsoft also recently announced its plans for Talent Management.
The new Dynamics 365 for Talent with LinkedIn integration will bring together the places where companies find talent, and the world of work in Office 365 – starting in July 2017.

Employees are the heart of every company, and talent is the most scarce and expensive resource.
To help companies better manage and nurture that precious resource, this is a new application for HR organizations called Dynamics 365 for Talent.

From sourcing and recruiting, to onboarding and retention, Dynamics 365 for Talent will provide a 360-degree view of your workforce, with modules that empower an organization to:
• access the best talent, quickly, with LinkedIn Recruiter integrations that enable dynamic candidate profiles to give managers and interviewers the most up-to-date information
• deliver personalized onboarding experiences to accelerate a new employees’ ability to deliver i with targeted activities and learning resources, along with access to relevant contacts.
• Maintain an up-to-date view of employee experiences through a consolidated HR profile that will span Office 365, Dynamics 365 and LinkedIn profile information

Dynamics 365 + LinkedIn Sales Navigator ask Synergy Software Systems, Dubai.

May 3rd, 2017

Improve sales with Dynamics 365 + LinkedIn Sales Navigator

Dynamics 365 for Sales helps salespeople work on sales data and surface actions directly within Office 365 to more quickly close a deal. Quotes can be created using customer insights, accurate pricing and inventory data, and then recorded in the appropriate system, including any custom discounts offered, and then sent to the customer – without ever having to leave Outlook.

LinkedIn integration will help salespeople deliver better outcomes from LinkedIn Sales Navigator and LinkedIn’s 500 million professionals.

Sales Navigator with Dynamics 365 will dramatically increase the effectiveness of salespeople by tapping into their professional networks and relationships, giving them the ability to improve their pipeline by:
• Leveraging signals across email, CRM and LinkedIn to get contextual recommendations for the next best action within Dynamics 365 for Sales, facilitating introductions directly through the company’s network, and sending InMail, messages and customized connection requests
• Engaging buyers with tailored content throughout the account lifecycle, and getting account and lead updates including news mentions and job changes
• Building strong relationships with existing contacts through access to LinkedIn profile details including photos, current roles and work history.

Take advantage of this solution with an introductory offer that brings together LinkedIn Sales Navigator and Dynamics 365 for Sales – at about half the cost of competitive solutions in the market,

Available in July 2017.

Two leading sales solutions at one low price
Microsoft’s Relationship Sales solution includes:
– LinkedIn Sales Navigator Team
- Dynamics 365 for Sales, Enterprise edition

$135 user/month